CVE-2022-3525 CRITICAL

CVE-2022-3525: Deserialization of Untrusted Data in librenms/librenms

Vendor Librenms
Product librenms/librenms
Weakness CWE-502 · Unsafe deserialization
Published November 20, 2022
Last update April 24, 2025
View on NVD All CVEs

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Deserialization of Untrusted Data in GitHub repository librenms/librenms prior to 22.10.0.

Key dates

02Disclosure timeline

November 20, 2022 CVE published
April 24, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-64227 WordPress Client Invoicing by Sprout Invoices plugin <= 20.8.7 - PHP Object Injection vulnerability CVE-2025-30065 Apache Parquet Java: Arbitrary code execution in the parquet-avro module when reading an Avro schema from a Parquet file metadata CVE-2025-49331 WordPress eCommerce Product Catalog plugin <= 3.4.3 - PHP Object Injection Vulnerability CVE-2024-12677 Delta Electronics DTM Soft Deserialization of Untrusted Data CVE-2025-15222 Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserialization